hashgraph-online

Security and best-practices scanner for Codex CLI plugins. Scores plugins 0-100.

16 stars
100% credibility
Found Apr 05, 2026 at 16 stars
Python
AI Summary

A tool that scans AI assistant plugins for security risks, best practices, and publishability, providing scores and reports for developers.

How It Works

1. 🔍 Find the Plugin Checker

While preparing your AI assistant add-on, you discover this free tool that checks if it's safe and ready to share.

2. 📦 Add the Tool

You install it on your computer in seconds so you can start checking your project right away.

3. 📁 Select Your Folder

You point the tool at your project folder, and it begins examining everything inside.

4. Get Your Quality Score

In moments, you see a clear score out of 100, plus friendly tips on security, setup, and improvements – it's exciting to know exactly how good it is!

5. 🔧 Fix Simple Issues

You follow the easy suggestions, like adding a description file or removing hidden info, to boost your score.

6. 🔍 Double-Check Everything

Run a full test to confirm your add-on works smoothly and follows all best practices.

7. 🎉 Share Safely

With a top score and clean report, your plugin is ready – publish it confidently to the world!

AI-Generated Review

What is codex-plugin-scanner?

This Python CLI tool and GitHub Action scans Codex CLI plugins for security vulnerabilities, operational gaps, and best-practice violations, delivering a 0-100 score across categories such as manifest validation, SECURITY.md presence, hardcoded secrets, and dangerous MCP commands. It checks for a GitHub SECURITY.md file, security-policy compliance, and security-scanning signals, while flagging issues such as unpinned GitHub Actions or missing lockfiles. Run `codex-plugin-scanner lint .` locally, or gate PRs with SARIF uploads for automated repository security reviews.

Why is it gaining traction?

It bundles runtime verification, Cisco-backed skill security, and policy profiles such as public-marketplace or strict-security into one workflow, outputting JSON, Markdown, or SARIF for CI dashboards. Mechanical fixes normalize paths, and high scores trigger auto-submission to plugin registries. Developers hook it in via pre-commit or Actions for Kubernetes-style policy gating without custom scripts.

Who should use this?

Codex plugin maintainers enforcing least-privilege best practices in manifests and MCP transports before marketplace submission. CI teams scanning multi-plugin repos for the equivalent of GitHub security advisories, operational-security signals such as Dependabot configuration, or skill security in Cisco integrations. Authors targeting 80+ scores for trust badges on security-focused GitHub projects.

Verdict

Grab it for Codex workflows -- docs are crisp, it is PyPI-ready, and it ships with fuzzing -- but 16 stars and a 1.0% credibility score signal early maturity; pair it with manual reviews until adoption grows.
